mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-28 12:40:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Properly escape user provided data in trans with data to prevent possible XSS attack vectors.

Browse source
This commit is contained in:
Jan Böhmer 2023-02-26 00:52:00 +01:00
parent 6ff60e556e
commit 5f39d8e594
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/DataTables/Helpers/PartDataTableHelper.php
View file

@ -67,7 +67,7 @@ class PartDataTableHelper
'<a href="%s">%s%s</a>',
$this->entityURLGenerator->infoURL($context),
$icon,
htmlentities($context->getName())
htmlspecialchars($context->getName())
);
}